On September 28, 2010, Vivek Kundra, Federal CIO at the time, issued a “Transition to IPv6” memorandum noting that “The Federal government is committed to the operational deployment and use of Internet Protocol version 6 (IPv6).” The memo described specific steps for agencies to take to “expedite the operational deployment and use of IPv6”, and laid out target deadlines for key milestones. Of specific note, it noted that agencies shall “Upgrade public/external facing servers and services (e.g. web, email, DNS, ISP services, etc) to operationally use native IPv6 by the end of FY 2012.”
For this sixth “launchiversary” of the World IPv6 Launch event, we used historical Internet Intelligence data collected from Oracle Dyn’s Internet Guide recursive DNS service to examine IPv6 adoption trends across federal agencies both ahead of the end of FY 2012 (September 2012) deadline, as well as after it.
The data set used for this analysis is similar to the one used for the recent “Tracking CDN Usage Through Historical DNS Data” blog post, but in this case, it only includes .gov hostnames. While the memorandum calls out the use of IPv6 for ‘web, email, DNS, ISP services, etc.’, in order to simplify the analysis, this post only focuses on hostnames of the form www.[agency].gov, essentially limiting it to public Web properties. Furthermore, the GSA’s master list of .gov domains was used to identify federal agencies for the analysis. Although they may have been present in the initial data set, .gov hostnames associated with cities, counties, interstate agencies, native sovereign nations, and state/local governments were not included in the analysis.
The analysis was done on historical recursive DNS data from September 2009 through October 2017, encompassing federal fiscal years 2010-2017. The graphs below are aggregated by month, and reflect the first time that a given hostname was associated with a AAAA DNS resource record within our data set – note that this may differ from the date that the hostname was first available over IPv6. In addition, the data set used for this analysis is not necessarily exhaustive across .gov domains, as it reflects only those hostname requests made to the Internet Guide service.
In short, Internet Intelligence data showed that IPv6 adoption across federal government www sites was less than aggressive across the survey period, with many agencies failing to deploy public Web sites on IPv6 by the end of FY 2017. Ahead of the deadline, IPv6 adoption was generally slow through 2009-2011, although activity did begin to increase in December 2011, continuing through the September 2012 deadline. Adoption continued at a solid rate throughout FY 2013, but remained generally low through the end of the survey period, with some periods of increased activity in 2017. Among the sites identified, most remain available in a dual-stack (IPv4 & IPv6) setup, but some have fallen back to IPv4 only, and others are no longer available. Akamai and Amazon Web Services are the CDN and cloud platform providers of choice for sites delivered from third-party service providers.
The Executive Branch has the largest number of agencies listed in the GSA master list referenced above. As shown in the figure below, there were a significant number for which we did not find www sites on IPv6 during the survey period. Five agencies deployed sites on IPv6 only ahead of the deadline, and 20 deployed sites only after the deadline, while 28 agencies showed activity both before and after the deadline. Of the eleven listed agencies in the Legislative branch, four deployed www sites on IPv6 only after the deadline, while no IPv6 sites were found for the remaining seven. The two agencies in the Judicial branch were split, with one integrating IPv6 after the deadline, and no IPv6 Web sites found for the other.
Examining that data in more detail shows some interesting activity and trends. In the figure below, the first big spike of activity is seen in June 2011, with AAAA record first seen dates for .gov www sites clustered around World IPv6 Day, which took place on June 8. (Click the graph to view a larger version of the figure.) The Departments of Commerce, Energy, and Health & Human Services launched the largest numbers of Web sites on IPv6 during that month. However, activity all but disappeared until December, when the Department of Veterans Affairs began a multi-month effort to make several hundred topical and city-specific Web sites available via IPv6. Following the VA’s lead, a number of other agencies deployed Web sites on IPv6 through the first half of calendar year 2012, with a peak of activity around the initial World IPv6 Launch event in June. However, it is clear that a number of agencies scrambled to meet the end of FY 2012 deadline, with 115 Web sites from over 20 agencies first appearing on IPv6 in September.
IPv6 adoption tailed off in the months following the September 2012 deadline, as illustrated in the figure below. (Click the graph to view a larger version of the figure.) Starting in June 2013, the Department of Commerce began turning up dozens of topical NOAA sites on IPv6, with the initiative lasting about a year. Beyond that, AAAA records were first seen for only 20-30 new federal Web sites per month through early 2017. Interestingly, the yearly World IPv6 Launch anniversaries during that period seemed to have little impact – no meaningful increases were observed around those dates. However, a significant spike was seen in June 2017, with 120 sites from 18 agencies first observed on IPv6. The Departments of Commerce, Energy, Health & Human Services, and the Interior were the most active agencies that month.
The figures above illustrate the deployment of federal agency Web sites on IPv6 over an eight-year period that ended in October 2017. We also examined the current state of the 2,255 sites identified over that timeframe – that is, how many remain available over IPv6? As shown in the figure below, the news here is relatively good, with over 1,600 available as dual-stacked sites, reachable on IPv6 and IPv4. Interestingly, three sites (www.ipv6.noaa.gov, www.maryland.research.va.gov, and www.e-qip.gov) are available only over IPv6, with DNS lookups returning only AAAA records. Unfortunately, over 200 of the identified sites have fallen back to being available only over IPv4, while over 360 of them are no longer reachable, responding to DNS lookups with an NXDOMAIN.
Many federal agencies work with cloud and CDN providers as part of IT modernization efforts, or to improve the performance, reliability, and security of their Web presence. Some of the identified sites included CNAMEs within their DNS records. For those sites, we analyzed the CNAMEs to identify the use of popular cloud and CDN providers, with the results shown in the figure below. For those sites accelerated through a CDN, over 300 of them make use of Akamai’s IPv6-enabled services, while a smaller number are delivered over IPv6 via Amazon’s Cloudfront service, Cloudflare, and Limelight. Of those sites served directly from an IPv6-enabled cloud platform, the largest number came from Amazon Web Services, while the remainder came from Google Hosted Sites, IBM Cloud, and a small number of other providers.
A recent FedTech article noted that “Agency adoption of IPv6 moves at a glacial pace” but also that “Most have started to ensure their public websites are accessible via IPv6 using dual-stack environments”. Our analysis of eight years of historical recursive DNS data supports these assertions – while much progress has been made, there is still a long way to go.
During the six years since the initial World IPv6 Launch event, many cloud and CDN providers have moved to ease the transition to IPv6, making it easy for customers to support it, either enabling it by default when a new site is configured on their platform, or via a simple configuration option. While federal agencies have been directed to support IPv6 throughout their technology stack, it is arguably easier than ever to do so for public-facing Web sites and applications.